Endpoint

1/28/2015
12:00 AM
Dark Reading
Dark Reading
Products and Releases
50%
50%

New Patent Eliminates Passwords

Patented technology from TextPower verifies your identity while simplifying website logins; introduces SnapID(TM) that replaces usernames and passwords

SAN JUAN CAPISTRANO, CA., January 28, 2015 – Today on National Data Privacy Day, TextPower announces that the company has been granted an important patent for a “text messaging authentication system” that is the basis for the company’s TextKey™ platform. Websites using the TextKey™ platform will offer their users higher security, easier logins and less hassle and save themselves from the most common cause of customer support calls – lost login IDs and passwords.  TextKey™ will significantly reduce enterprise or e-commerce website operating costs and inoculate them against the most common forms of hacking: social engineering, password theft, key loggers and phishing schemes. 

Unlike commonly available authentication systems TextKey™ users send a simple text message (SMS) from their cell phone to authenticate their identity. Through this one simple text message, multiple factors are authenticated using the patented technology forming a highly secure barrier to hacking.  The TextKey™ system also employs a secure connection, completely outside the browser environment, that eliminates man-in-the-middle attacks making it significantly more secure than any other SMS-based two factor authentication technologies.  Without physical possession of the authorized cell phone and knowing the user's personal PIN, identity thieves cannot login to an account using someone else's credentials. 

“What an appropriate day to receive a patent for our authentication technology and announce our one-step secure login product, SnapID™,” said Scott Goldman, CEO of TextPower. “SnapID™, a new product based on our patented TextKey™ platform, eliminates the need for both user IDs and passwords.  No more remembering, typing, managing or resetting passwords.  No more lists, sticky notes or password managers to handle the dozens of login credentials we all use everyday.  To login, users 'just text it'."

SnapID™ doesn’t just solve the password problem – it eliminates it and will fundamentally change the way people login to websites, use ATMs, buy pay-per-view movies, checkout at cash registers and any other process that requires identification and authentication.  Cell phones have already replaced address books, cameras, calculators, boarding passes, navigation systems, music players and even heart rate monitors.  By using them to send a simple text message they can now replace userIDs, passwords, authentication tokens, USB keys and the ubiquitous – and reviled – login box on every website.

A SnapID™-enabled website will have a “Login with SnapID™” button along with the traditional username and password fields. Visitors who have registered for a free SnapID™ account will simply click that button; a one-time password then appears on their computer screen. The visitor sends a plain text message with the one-time password from their registered cell phone (which doesn’t need to be a smart phone) and they are then logged in securely.  Logging in takes about as long as it takes to send a text message and is explained in this 2-minute video: https://vimeo.com/107771091
For more information on TextKey™, visit http://www.textkey.com. To register for SnapID™ and check out the demo, visit http://www.snapid.co or text “NoMorePasswords” to 81888. 

About TextPower, Inc.
TextPower, Inc. provides alerting and authentication solutions to a variety of industries worldwide using text messaging (SMS). The company's software and text messaging services help companies enhance their revenues, decrease costs and improve customer service. TextPower's patented authentication technology (Patent No. #8943561) replaces tokens or security fobs previously needed as a second factor of authentication to verify the identity of online users for password-protected applications. TextPower's mission-critical infrastructure employs geo-redundancy for the industry's highest reliability, providing delivery to virtually every cell phone in the United States and connections to most recognized wireless operators around the world. Visit http://www.TextPower.com, email [email protected] or call 888.818.1808 for more information.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
ScottJGoldman
50%
50%
ScottJGoldman,
User Rank: Apprentice
1/29/2015 | 7:24:14 PM
Re: What's so bad about passwords?
FULL DISCLOSURE: I am the co-founder and CEOMof TextPower, the company mentioned in this article that developed the patented technology. To be clear, our system does use a cell phone to send text messages but there are also other aspects to the patent. The pertinent fact, though, is that the cell phone transmits a critical and unique piece of information about itself when it SENDS, but not when it receives, a text message. Passwords are yes, easily implemented, changeable, recoverable, etc. The problem is that they are also easily compromised, forgotten and guessed. Imagine that you had a personal keypad that could log you into any website. You'd never have to choose, remember, record, reset or type an ID or password ever again. You'd just type a few numbers on the keypad and hit "enter" and the magic behind the keypad would identify you and authenticate you all in one step, That's what SnapID does - your cell phone is that personal keypad and the patented technology is the magic.
HAnatomi
50%
50%
HAnatomi,
User Rank: Apprentice
1/28/2015 | 9:36:28 PM
We cannot live without the likes of passwords.
Some people shout that the password is dead or should be killed dead.  The password could be killed, however, only when there is an alternative to the password.  Something belonging to the password(PIN, passphrase, etc)and something dependent on the password (ID federations, 2/multi-factor, etc) cannot be the alternative to the password.  Neither can be something that has to be used together with the password (biometrics, auto-login, etc).

At the root of the password headache is the cognitive phenomena called "interference of memory", by which we cannot firmly remember more than 5 text passwords on average.  What worries us is not the password, but the textual password.  The textual memory is only a small part of what we remember.  We could think of making use of the larger part of our memory that is less subject to interference of memory.  More attention could be paid to the efforts of expanding the password system to include images, particularly KNOWN images, as well as conventional texts.
MrKlingon01
50%
50%
MrKlingon01,
User Rank: Apprentice
1/28/2015 | 1:40:22 PM
What's so bad about passwords?
Yes, I know - I deal with compromised accounts and passwords every day - but I don't see how someone gets a patent for a system that requires a user has a cellphone. Passwords are easily implemented, easily changed, revoked and can be shared when you need to delegate authorization - this isn't a bad thing. 
WSJ Report: Facebook Breach the Work of Spammers, Not Nation-State Actors
Curtis Franklin Jr., Senior Editor at Dark Reading,  10/19/2018
The Browser Is the New Endpoint
Rajesh Ranganathan, Product Manager at ManageEngine,  10/23/2018
Good Times in Security Come When You Least Expect Them
Joshua Goldfarb, Co-founder & Chief Product Officer, IDRRA ,  10/23/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
The Risk Management Struggle
The Risk Management Struggle
The majority of organizations are struggling to implement a risk-based approach to security even though risk reduction has become the primary metric for measuring the effectiveness of enterprise security strategies. Read the report and get more details today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-10839
PUBLISHED: 2018-10-16
Qemu emulator <= 3.0.0 built with the NE2000 NIC emulation support is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting in DoS.
CVE-2018-13399
PUBLISHED: 2018-10-16
The Microsoft Windows Installer for Atlassian Fisheye and Crucible before version 4.6.1 allows local attackers to escalate privileges because of weak permissions on the installation directory.
CVE-2018-18381
PUBLISHED: 2018-10-16
Z-BlogPHP 1.5.2.1935 (Zero) has a stored XSS Vulnerability in zb_system/function/c_system_admin.php via the Content-Type header during the uploading of image attachments.
CVE-2018-18382
PUBLISHED: 2018-10-16
Advanced HRM 1.6 allows Remote Code Execution via PHP code in a .php file to the user/update-user-avatar URI, which can be accessed through an "Update Profile" "Change Picture" (aka user/edit-profile) action.
CVE-2018-18374
PUBLISHED: 2018-10-16
XSS exists in the MetInfo 6.1.2 admin/index.php page via the anyid parameter.